Internal Audit and Compliance - Health Care Compliance Association
Internal Audit and Compliance - Health Care Compliance Association
Internal Audit and Compliance - Health Care Compliance Association
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
n Providing training to staff that is in addition<br />
to the current training schedule;<br />
n Engaging an independent review organization<br />
(IRO) to review the areas that the<br />
OIG has determined to be problematic.<br />
By Julie Katich <strong>and</strong> Karolyn Woo<br />
Editor’s note: Julie Katich <strong>and</strong> Karolyn <strong>and</strong> determine to what degree each of the<br />
Woo are with Deloitte & Touche, LLP. seven elements will be implemented; therefore,<br />
Julie can be reached by e-mail at<br />
compliance programs <strong>and</strong> their effectiveness are<br />
jkatich@deloitte.com <strong>and</strong> Karolyn can be as varying in nature as the organizations themselves.<br />
In some situations, it takes a government<br />
reached by e-mail at kwoo@deloitte.com.<br />
intervention, such as the issuance of a Corporate<br />
In an effort to protect against potential Integrity Agreement (CIA), to enhance the<br />
instances of fraud <strong>and</strong> abuse, many health organization’s compliance program.<br />
care organizations have adopted voluntary<br />
compliance programs. Using the various It is no surprise that when an organization<br />
Office of Inspector General’s (OIG) guidances<br />
for health care <strong>and</strong> life sciences orgative<br />
view of the agreement from a cost <strong>and</strong><br />
enters a CIA, it will often have a neganizations<br />
<strong>and</strong> the U.S. Federal Sentencing resource perspective. If the organization<br />
Guidelines, organizational compliance programs<br />
typically include the following seven the program may not be as effective <strong>and</strong><br />
already has a compliance program in place,<br />
elements:<br />
robust as the OIG expects when compared<br />
1. Governance <strong>and</strong> Oversight<br />
to industry st<strong>and</strong>ards <strong>and</strong> government guidance.<br />
Additionally, the program likely does<br />
2. Policies <strong>and</strong> Procedures<br />
3. Reporting System<br />
not fulfill all of the requirements contained<br />
4. Training <strong>and</strong> Education<br />
within the CIA. Typically, the organization<br />
5. Enforcement<br />
must implement new practices <strong>and</strong> modify<br />
6. Response <strong>and</strong> Prevention<br />
existing ones to meet the numerous m<strong>and</strong>ates<br />
of a CIA. This is often an onerous<br />
7. <strong>Audit</strong>ing <strong>and</strong> Monitoring<br />
process. Common CIA requirements include<br />
Because health care organizations are so diverse, enhancements to the compliance program,<br />
no optimal or st<strong>and</strong>ard compliance program such as:<br />
best suits all organizations. Rather, organizations<br />
are free to adopt programs that reflect guide the compliance officer <strong>and</strong> compli-<br />
n Activating a compliance committee to<br />
their commitment to compliance <strong>and</strong> take into ance program <strong>and</strong> set the tone at the top<br />
account government guidance <strong>and</strong> industry of the organization <strong>and</strong> demonstrate board<br />
practices. An organization’s compliance program <strong>and</strong> senior management commitment to<br />
should promote integrity <strong>and</strong> minimize the the program;<br />
risk of fraudulent activities. It is up to each n Revamping the training <strong>and</strong> education<br />
organization to assess its unique characteristics content to address the alleged misconduct;<br />
Unexpected benefits of a CIA <strong>and</strong> an IRO<br />
When an organization implements its CIA,<br />
it is not unusual for the organization to<br />
either re-allocate existing resources or acquire<br />
new personnel to support the compliance<br />
program. The organization is often forced<br />
to adopt a more comprehensive program<br />
(sometimes in several of the seven elements<br />
<strong>and</strong> sometimes only a few) that is maintained<br />
by dedicated resources <strong>and</strong> supported from<br />
the top level down.<br />
Sometimes, these changes result in unexpected<br />
benefits for the organization. That is,<br />
an organization that is subject to a CIA often<br />
finds itself with a more robust <strong>and</strong> effective<br />
compliance program than prior to the CIA.<br />
An additional benefit is that when the CIA<br />
requires an IRO, the IRO provides valuable<br />
insight into industry leading practices <strong>and</strong><br />
makes suggestions for operational enhancements<br />
for the organization. As an organization<br />
makes changes in accordance with the<br />
CIA requirements, it also will benefit from<br />
suggested changes or modifications that are<br />
made or recommended by the IRO.<br />
From an operational perspective, an effective<br />
compliance program will, in turn, improve<br />
organizational communication, teamwork,<br />
<strong>and</strong> overall operational efficiency. Similarly,<br />
the m<strong>and</strong>atory reporting requirements of<br />
the compliance activities often serve to<br />
improve the internal controls environment<br />
<strong>and</strong> reduce the likelihood of fraud, especially<br />
given the increased focus on the compliance<br />
environment as related to the Sarbanes-Oxley<br />
legislation.<br />
Continued on page 32<br />
November 2006<br />
30<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org